K8S

K8S Deployment

First, create a Debian template

Select the ISO

A quick install is enough:

Once the installation finishes, clone it into a template:

Master node

Just clone one directly

Clone two local nodes

sed -i 's/deb.debian.org/mirrors.ustc.edu.cn/g' /etc/apt/sources.list.d/debian.sources
sed -i 's|security.debian.org/debian-security|mirrors.ustc.edu.cn/debian-security|g' /etc/apt/sources.list
echo 'export PATH=$PATH:/usr/sbin:$HOME/.local/bin' >> ~/.bashrc
source ~/.bashrc
apt install ufw

apt install sudo vim wget curl -y

sudo hostnamectl set-hostname dayi-cloud-k8s-master

Here Tailscale is used for the hosts entries so the machines can reach each other

curl -fsSL https://tailscale.com/install.sh | sh

With that, the hosts are set up

dayi-cloud-k8s-master
dayi-cloud-k8s-node1
dayi-cloud-k8s-node2

Master

sudo ufw allow 6443/tcp
sudo ufw allow 2379/tcp
sudo ufw allow 2380/tcp
sudo ufw allow 10250/tcp
sudo ufw allow 10251/tcp
sudo ufw allow 10252/tcp
sudo ufw allow 10255/tcp
sudo ufw reload

cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf 
overlay 
br_netfilter
EOF

sudo modprobe overlay 
sudo modprobe br_netfilter
cat <<EOF | sudo tee /etc/sysctl.d/99-kubernetes-k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1 
net.bridge.bridge-nf-call-ip6tables = 1 
EOF


sudo sysctl --system

Other

sudo ufw allow 10250/tcp
sudo ufw allow 30000:32767/tcp
sudo ufw reload


cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf 
overlay 
br_netfilter
EOF

sudo modprobe overlay 
sudo modprobe br_netfilter
cat <<EOF | sudo tee /etc/sysctl.d/99-kubernetes-k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1 
net.bridge.bridge-nf-call-ip6tables = 1 
EOF


sudo sysctl --system
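The two ufw rule sets above open the ports on every interface. As an added example (not part of the original notes), this prints the same rules limited to the Tailscale interface; the function name `k8s_ufw_rules` is hypothetical, `tailscale0` is assumed to be the interface name, and it assumes all inter-node traffic goes over Tailscale.

```shell
#!/bin/sh
# Added example: print ufw rules for a node role, limited to one interface.
# Port lists are the ones used on this page, except 10255 (the kubelet
# read-only port, which is served without authentication) is left closed.

k8s_ufw_rules() {
    role=$1
    iface=${2:-tailscale0}   # assumed Tailscale interface name
    case "$role" in
        master) ports="6443 2379 2380 10250 10251 10252" ;;
        worker) ports="10250 30000:32767" ;;
        *)
            echo "usage: k8s_ufw_rules master|worker [iface]" >&2
            return 2
            ;;
    esac
    for p in $ports; do
        # "in on IFACE" accepts the port only on that interface;
        # a port range such as 30000:32767 requires an explicit proto.
        echo "ufw allow in on $iface to any port $p proto tcp"
    done
    echo "ufw reload"
}

# When called with arguments, print the rules for that role.
[ "$#" -eq 0 ] || k8s_ufw_rules "$@"
```

Review the printed commands before running them as root on the matching node.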

SSH key copy

mkdir -p ~/.ssh && chmod 700 ~/.ssh
echo "ssh-rsa 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 root@dayi-cloud-k8s-maste" >> ~/.ssh/authorized_keys

Install containerd

apt install containerd
containerd config default | sudo tee /etc/containerd/config.toml >/dev/null 2>&1
sudo vi /etc/containerd/config.toml

scp /etc/containerd/config.toml dayi-cloud-k8s-node1:/etc/containerd/config.toml
scp /etc/containerd/config.toml dayi-cloud-k8s-node2:/etc/containerd/config.toml

sudo systemctl restart containerd
sudo systemctl enable containerd

Add the K8S repository


sudo apt install gnupg gnupg2 curl software-properties-common -y
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/cgoogle.gpg
apt-add-repository "deb http://apt.kubernetes.io/ kubernetes-xenial main"

Install K8S

apt update
apt install kubelet kubeadm kubectl -y
apt-mark hold kubelet kubeadm kubectl

Initialize the cluster:

kubeadm init --image-repository registry.aliyuncs.com/google_containers --pod-network-cidr=10.234.0.0/16 --control-plane-endpoint=dayi-cloud-k8s-master --v=5

Virtualized K8S installation

# Set the hostname
hostnamectl set-hostname m1
hostnamectl set-hostname node1
hostnamectl set-hostname node2
===== 192.168.0.202 node2

# Use scp to copy /etc/hosts to node1 and node2
scp /etc/hosts root@192.168.0.201:/etc/hosts
scp /etc/hosts root@192.168.0.202:/etc/hosts

# Disable swap and configure kernel parameters
swapoff -a
sed -i 's/.*swap.*/#&/' /etc/fstab
echo -e 'net.bridge.bridge-nf-call-iptables = 1 \nnet.bridge.bridge-nf-call-ip6tables = 1' >> /etc/sysctl.conf

# Install basic packages
yum -y install wget ntpdate

# Configure time synchronization
ntpdate ntp1.aliyun.com
crontab -e
# Add the following line
*/1 * * * * /usr/sbin/ntpdate ntp1.aliyun.com
systemctl restart crond.service
reboot

# Configure the yum repositories and download the Kubernetes and Docker packages
cd /etc/yum.repos.d
rm -f CentOS-*
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
wget -P /etc/yum.repos.d/ http://mirrors.aliyun.com/repo/epel-7.repo
vi /etc/yum.repos.d/kubernetes.repo
# Add the configuration for the kubernetes repository
wget https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
rpm --import rpm-package-key.gpg
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum clean all
yum makecache fast
cd

# Install docker-ce and start the service
yum -y install docker-ce
systemctl start docker
systemctl enable docker

# Configure Docker's registry mirror
vi /etc/docker/daemon.json
# Add the following content
{
    "registry-mirrors": ["https://x3nqjrcg.mirror.aliyuncs.com"]
}

# Downgrade Docker to 20.10
yum downgrade --setopt=obsoletes=0 -y docker-ce-20.10.24 docker-ce-selinux-20.10.24 containerd.io

# Change the Docker cgroup driver to systemd
vi /etc/docker/daemon.json
# Add the following content
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": ["https://x3nqjrcg.mirror.aliyuncs.com"]
}

# Restart the docker service
systemctl daemon-reload
systemctl restart docker

# Install kubeadm, kubectl and kubelet
yum install -y kubelet-1.23.17 kubeadm-1.23.17 kubectl-1.23.17
systemctl start kubelet
systemctl enable kubelet

# Download the Kubernetes images
kubeadm config images list --kubernetes-version v1.23.17
kubeadm config images pull --image-repository=registry.aliyuncs.com/google_containers

# Initialize the Kubernetes cluster
kubeadm init \
--kubernetes-version=v1.23.17 \
--pod-network-cidr=10.244.0.0/16 \
--service-cidr=10.96.0.0/12 \
--apiserver-advertise-address=192.168.8.10 \
--image-repository=registry.aliyuncs.com/google_containers 

# Set up the kubectl configuration
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

# Install the Flannel network
wget https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml
kubectl apply -f kube-flannel.yml

# Join the nodes to the cluster
kubeadm join 192.168.8.10:6443 --token [token] --discovery-token-ca-cert-hash [hash]

# Check the cluster status
kubectl get nodes

Debian installation

K8S2

Hahahahahahahahahahahaha

Switching to CentOS

Switching to an expert's approach

Rancher

Real men just download it directly:


Change the hostname:

ssh-keygen -t ecdsa -b 256
ssh-copy-id node1
ssh-copy-id node2

Copy the key:

ssh-copy-id node2

Copy hosts

scp /etc/hosts root@node1:/etc/hosts 
scp /etc/hosts root@node2:/etc/hosts 

Modify the kernel configuration

/etc/sysctl.conf

vi:

echo -e 'net.bridge.bridge-nf-call-iptables = 1 \nnet.bridge.bridge-nf-call-ip6tables = 1' >> /etc/sysctl.conf

Enable the module

modprobe br_netfilter
ls /proc/sys/net/bridge/
echo "br_netfilter" > /etc/modules-load.d/br_netfilter.conf
sysctl -p

Send to the worker nodes:

scp /etc/sysctl.conf root@node1:/etc/sysctl.conf
scp /etc/sysctl.conf root@node2:/etc/sysctl.conf 

# Run on the worker nodes:
modprobe br_netfilter
ls /proc/sys/net/bridge/
echo "br_netfilter" > /etc/modules-load.d/br_netfilter.conf
sysctl -p

Firewall and SELinux:

systemctl stop firewalld
systemctl disable firewalld
systemctl status firewalld



setenforce 0
vi /etc/selinux/config
# Change to: SELINUX=disabled

reboot

Send to the worker nodes

scp /etc/selinux/config root@node1:/etc/selinux/config
scp /etc/selinux/config root@node2:/etc/selinux/config

Check the SELinux status

sestatus

NTP time synchronization

yum -y install wget ntpdate


crontab -e
*/1 * * * * /usr/sbin/ntpdate ntp1.aliyun.com

systemctl restart crond.service

Add the repository


vi /etc/yum.repos.d/kubernetes.repo

[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg

Install

yum downgrade --setopt=obsoletes=0 -y docker-ce-20.10.24 docker-ce-selinux-20.10.24 containerd.io


yum install -y kubelet-1.23.17 kubeadm-1.23.17 kubectl-1.23.17
systemctl start kubelet
systemctl enable kubelet
systemctl status kubelet
kubeadm config images list --kubernetes-version v1.23.17

Initialize

mv /etc/containerd/config.toml /root/config.toml.bak
systemctl restart containerd

/etc/kubernetes/manifests/kube-scheduler.yaml

rm -rf /etc/kubernetes/manifests/kube-apiserver.yaml
rm -rf /etc/kubernetes/manifests/kube-controller-manager.yaml
rm -rf /etc/kubernetes/manifests/kube-scheduler.yaml
rm -rf /etc/kubernetes/manifests/etcd.yaml

kubeadm init \
--pod-network-cidr=10.244.0.0/16 \
--service-cidr=10.96.0.0/12 \
--apiserver-advertise-address=192.168.59.137 \
--image-repository=registry.aliyuncs.com/google_containers \
--v=5

rm -f /etc/kubernetes/controller-manager.conf
rm -f /etc/kubernetes/scheduler.conf
rm -f /etc/kubernetes/admin.conf
rm -f /etc/kubernetes/kubelet.conf

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

kubeadm join 192.168.59.137:6443 --token y8m7u7.3ur44mc2ezb87fmq \
        --discovery-token-ca-cert-hash sha256:cb9d1bfa0c3adaabd9a34cd072e1d27c13c9cf9e6e3ef4a0c810b84d6fdf4c9f
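
The value given to `--discovery-token-ca-cert-hash` in the join command is the SHA-256 of the cluster CA's public key, so it can be recomputed on the control-plane node and compared before a worker is joined. This is an added example, not part of the original notes; the function names `ca_cert_hash` and `verify_join_hash` are hypothetical, and `/etc/kubernetes/pki/ca.crt` is the kubeadm default CA location.

```shell
#!/bin/sh
# Added example: recompute and check the kubeadm discovery CA hash.
# kubeadm pins the SHA-256 of the CA certificate's public key
# (DER-encoded SubjectPublicKeyInfo), not of the certificate file itself.

ca_cert_hash() {
    cert=${1:-/etc/kubernetes/pki/ca.crt}
    [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 1; }
    # Extract the public key first so that a bad certificate is reported
    # instead of silently hashing empty input.
    pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "$cert is not a valid certificate" >&2
        return 1
    }
    digest=$(printf '%s\n' "$pub" \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -r | cut -d' ' -f1)
    [ -n "$digest" ] || return 1
    printf 'sha256:%s\n' "$digest"
}

# Compare the hash from a join command with the local CA.
# Returns 0 on match, 1 on mismatch, 2 if the CA could not be read.
verify_join_hash() {
    expected=$1
    actual=$(ca_cert_hash "${2:-/etc/kubernetes/pki/ca.crt}") || return 2
    if [ "$actual" = "$expected" ]; then
        echo "match: $actual"
    else
        echo "MISMATCH: CA is $actual, join command has $expected" >&2
        return 1
    fi
}

# Usage: script.sh sha256:<hash-from-join-command> [path-to-ca.crt]
[ "$#" -eq 0 ] || verify_join_hash "$@"
```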

Node:

Node:

Status:

Last modified: November 23, 2023